Localized account freeze for fraudulent transactions

ABSTRACT

Computer-implemented methods and systems are provided for locally freezing a user account in a geographic or digital space. Consistent with disclosed embodiments, locally freezing a user account in a geographic or digital space includes receiving fraud data associated with the user account, the fraud data including a location where a fraud associated with the user account has occurred, wherein the fraud location includes at least one of a digital location or a geographical location; receiving account data associated with the user account, the account data including non-fraudulent account transaction information; generating a pattern of fraud based on the fraud data; generating a pattern of use associated with the user account based on the account data; determining a geodigital area for a localized account freeze based on the pattern of fraud and the pattern of use; and performing a localized account freeze on the user account based on the determined geodigital area.

TECHNICAL FIELD

The disclosed embodiments concern localized account freezes in ageographic or digital space using machine learning systems. Morespecifically, the disclosed embodiments concern neural network systemsthat use machine learning for determining fraudulent and nonfraudulentpatterns and performing a localized account freeze based on thosepatterns.

BACKGROUND

Electronic data transfers often fall victim to fraud due to identitytheft, data breaches, or otherwise insecure systems. When potentialfraud occurs, financial service providers may ask the user whether fraudhas occurred and/or completely deactivate the account. When a user isasked whether fraud has occurred, there may be a delay in the response,providing time for further fraudulent activity. Alternatively, if theuser's account is compromised by a fraudster, the fraudster may haveaccess to the user account and indicate that no fraud has occurred whilecontinuing the fraudulent activity.

If the user's account is completely deactivated, a user may lose accessto their card even when the fraud occurred electronically or very faraway.

Accordingly, improved systems are needed for identifying fraudulentelectronic data transactions and applying intelligent rules for freezinga user account to reduce computer system load, improve systemefficiency, and enhance electronic data security.

SUMMARY

Consistent with disclosed embodiments, there is provided a methodperformed by at least one processor for locally freezing a user accountin a geographic or digital space. The method includes: receiving frauddata associated with the user account, the fraud data including alocation where a fraud associated with the user account has occurred,wherein the fraud location may comprise at least one of a digitallocation or a geographical location; receiving account data associatedwith the user account, the account data including nonfraudulent accounttransaction information; generating a pattern of fraud based on thefraud data; generating a pattern of use associated with the user accountbased on the account data; determining a geodigital area for a localizedaccount freeze based on the pattern of fraud and the pattern of use; andperforming a localized account freeze on the user account based on thedetermined geodigital area.

Also consistent with disclosed embodiments, there is provided a systemfor locally freezing a user account in a geographic or digital space.The system includes: at least one processor and at least onenon-transitory computer readable medium containing instructions that,when executed by the at least one processor, cause the processor toperform operations. The operations include receiving fraud dataassociated with the user account, the fraud data including a locationwhere a fraud associated with the user account has occurred, wherein thefraud location comprises at least one of a digital location or ageographical location; receiving account data associated with the useraccount, the account data including non-fraudulent account transactioninformation; receiving account data associated with the user account,the account data including non-fraudulent account transactioninformation; generating a pattern of fraud based on the fraud data;generating a pattern of use associated with the user account based onthe account data; determining a geodigital area for a localized accountfreeze based on the pattern of fraud or the pattern of use; andperforming a localized account freeze on the user account based on thedetermined area.

Further consistent with disclosed embodiments, there is provided anauthorization server including at least one processor and at least onenon-transitory computer readable medium. The non-transitory computerreadable medium contains instructions that, when executed by the atleast one processor, cause the authorization server to performoperations including: receiving fraud data associated with the useraccount from a first system, the fraud data including a location where afraud associated with the user account has occurred, wherein the fraudlocation comprises at least one of a digital location or a geographicallocation; generating a pattern of fraud based on the fraud data;generating a pattern of use associated with the user account based onthe account data; determining a geodigital area for a localized accountfreeze based on the pattern of fraud and the pattern of use; andproviding the geodigital area for a localized account freeze to thefirst system.

It is to be understood that both the foregoing general description andthe following detailed description are exemplary and explanatory onlyand are not restrictive of the disclosed embodiments, as claimed.

BRIEF DESCRIPTION OF THE DRAWINGS

The drawings are not necessarily to scale or exhaustive. Instead,emphasis is generally placed upon illustrating the principles of theembodiments disclosed herein. The accompanying drawings, which areincorporated in and constitute a part of this specification, illustrateseveral embodiments consistent with the disclosure and together with thedescription, serve to explain the principles of the disclosure. In thedrawings:

FIG. 1 depicts an exemplary environment for a localized account freezeimplemented upon detecting a fraudulent transaction.

FIG. 2 depicts a schematic illustrating an exemplary device forlocalized account freeze upon detecting a fraudulent transaction.

FIGS. 3A and 3B depict geographical models of a localized account freezeimplemented upon detecting fraudulent transaction.

FIG. 4A depicts authorization of electronic transactions based on a userpattern.

FIG. 4B depicts authorization of electronic transactions based on afraud pattern.

FIG. 5 depicts a flowchart illustrating a process for localized accountfreeze when detecting a fraudulent transaction.

DETAILED DESCRIPTION

Reference will now be made in detail to the disclosed embodiments,examples of which are illustrated in the accompanying drawings. Whereverconvenient, the same reference numbers will be used throughout thedrawings to refer to the same or like parts.

In order to overcome the deficiencies of prior art, it is necessary toapply intelligent algorithms for determine how and where to perform alocal account freeze. The goal of the account freeze is to allow a userto continue to use their account while simultaneously disallowing futurefraudulent transactions. Consistent with the present disclosure,intelligent algorithms are applied to determine patterns from largeamounts of data. For example, intelligent algorithms may be applied todetermine transactions associated with a user and transactions which maybe associated with fraud.

In the modern era of digital transactions, an account freeze cannotsimply be geographical in nature but must also take into consideration awide assortment of potential online transactions which may not be fixedto a physical location. Therefore, in order to provide a system whichmay accurately and intelligently perform a local account freeze, theaccount freeze should be capable of being performed not only in ageographical area but also in a digital space. Accordingly, the scope ofaccount freeze disclosed herein is referred to as a geodigital area andpotentially encompasses either a given geographical area or a digitalspace, or both a geographical area and a digital space.

For the purposes of the present disclosure, a digital space may beassociated with certain websites and types of transactions as well as avariety of other factors. For example, a digital space could beassociated with a website such as Amazon.com or types of onlinetransactions such as purchasing model trains. By separating transactionsinto these digital spaces, a user is able to continue with their normalpattern of purchasing while avoiding potentially fraudulent transactionson their account.

FIG. 1 depicts an exemplary environment 100 for a localized accountfreeze implemented upon detecting a fraudulent transaction, consistentwith disclosed embodiments. Environment 100 may include a user 102, auser device 104, a fraudster 106, a fraudster device 108, a merchantsystem 110, a network 112, a payment processing network 114, a financialservice provider system 116, and a localized account freeze device 118.In some embodiments, localized account freeze device 118 may beconfigured to locally freeze a user account associated with user 102based on data received from another element of environment 100 such asuser device 104, merchant system 110, network 112, payment processingnetwork 114, financial service provider system 116, or another system.In some embodiments, localized account freeze device 118 may beconfigured to authorize an electronic transaction occurring at merchantsystem 110 or at another system. Such electronic transactions may beauthorized using fraud data and account data associated with an accountassociated with user 102 and user device 104. The fraud data and accountdata may be received from user device 104, merchant system 110,financial service provider system 116, or another system. Merchantsystem 110 may be configured to request authorization of an electronictransaction from financial service provider system 116, localizedaccount freeze device 118, or another system. The elements ofenvironment 100 may be configured to communicate over network 112. Aswould be recognized by one of skill in the art, the depiction ofenvironment 100 in FIG. 1 is not intended to be limiting. In someembodiments, additional elements may be added, and/or the depictedelements of environment 100 may be combined, divided, modified, orremoved. For example, envisioned embodiments may implement a superset ora subset of the depicted elements of system 100.

In some embodiments, fraudster 106 is a person or entity associated withfraudster device 108 that initiates a financial transaction associatedwith user 102 and user device 104 using merchant system 110. Localizedaccount freeze device 118 may be configured to freeze an accountassociated with user 102 and user device 104 for any future transactionsinitiated by fraudster 106 using fraudster device 108 while allowingfuture transactions by user 102 using user device 104.

Localized account freeze device 118 may be configured to locally freezean account associated with user 102 and user device 104 based on frauddata and account data, consistent with disclosed embodiments. Localizedaccount freeze device 118 may include one or more computing devices,such as servers, workstations, desktop computers, or special-purposecomputing devices. In some embodiments, localized account freeze device118 may be implemented using a parallel computing environment, such asthe MapReduce architecture described in “MapReduce: Simplified DataProcessing on Large Clusters,” by Jeffrey Dean and Sanjay Ghemawat,(Dean, J. and Ghemawat, “MapReduce: Simplified data processing on largeclusters”; Sixth Symposium on Operating System Design andImplementation; San Francisco, Calif.; 2004) or the Spark architecturedescribed in “Spark: Cluster Computing with Working Sets,” by MateiZaharia, Mosharaf Chowdhury, Michael J. Franklin, Scott Shenker, and IonStoica, (Zaharia, M., Chowdhury M., Franklin M., Shenker S., and StoicaI., “Spark: Cluster Computing with Working Sets”; IEEE InternationalConference on Cloud Computing Technology and Science; Berkeley, Calif.;2010) each of which is incorporated herein by reference in its entirety.Localized account freeze device 118 is not limited to a specificparallelization technology, job scheduler (e.g., YARN or Mesos),programming language, parallel computing environment, or parallelcomputing environment communications protocol. For example, localizedaccount freeze device 118 may be implemented in scientific computingclusters, databases, cloud-based computing environments, and ad-hocparallel computing environments (e.g., SETI at home or the like). Insuch a parallel computing environment, localized account freeze device118 may be implemented as a collection of logical nodes. In someaspects, these logical nodes may include controller, mapper, and reducernodes, as would now be recognized by one of skill in the art. Theselogical nodes may be implemented using servers, workstations, desktops,graphics cards, videogame systems, embedded systems, or other computingdevices according to systems and methods known by one of skill in theart.

Localized account freeze device 118 may be standalone, or it may be partof a subsystem, which may be part of a larger system. For example,localized account freeze device 118 may be associated with a financialinstitution, such as a bank (not shown). Localized account freeze device118 may include distributed servers that are remotely located, and maycommunicate with other systems of the financial institution over apublic network, or over a dedicated private network.

As described in greater detail with regard to FIG. 2 , a memory 206 maybe configured to store data and instructions used to locally freeze anaccount associated with a user 102 and a user device 104. In certainaspects, when executed by the one or more computing devices implementinglocalized account freeze device 118, the instructions may causelocalized account freeze device 118 to perform various disclosedoperations. As a non-limiting example, the instructions may causelocalized account freeze device 118 to locally freeze an accountassociated with a user 102 and a user device 104.

Merchant system 110 may comprise a system for collecting paymentinformation, consistent with disclosed embodiments. Merchant system 110may include one or more computing systems, such as servers, generalpurpose computers, or mainframe computers. For example, Merchant system110 may comprise one or more point-of-sale terminals, automated tellermachines, check verification systems, credit card processing systems, orsimilar systems. Merchant system 110 may be standalone, or it may bepart of a subsystem, which may be part of a larger system. For example,merchant system 110 may be associated with a business institution. As anon-limiting example, the business institution may be a manufacturer,distributor, wholesaler, retailer, service provider, or other commercialentity. As would be recognized by one of skill in the art, the nature ofthe business institution is not intended to be limiting. Merchant system110 may include distributed servers that are remotely located, and maycommunicate with other systems of the business institution over a publicnetwork, or over a dedicated private network.

Network 112 may be configured to provide communications betweencomponents of FIG. 1 . For example, network 112 may be any type ofnetwork (including infrastructure) that provides communications,exchanges information, and/or facilitates the exchange of information,such as the Internet, a Local Area Network, or other suitableconnection(s) that enables certain components of environment 100 to sendand receive information between the components of environment 100.

FIG. 2 depicts a schematic illustrating an exemplary device forlocalized account freeze device 118 upon detecting fraudulenttransaction, consistent with disclosed embodiments. Localized accountfreeze device 118 may comprise a processor 202, inputs and outputs 204,and a memory 206. Memory 206 may be configured to store one or morecomputer programs, applications, software, firmware, or otherinstructions (not shown) executable for locally freezing a user account.

Memory 206 may be implemented using one or more non-transitory computermemories. In various aspects, memory 206 may comprise one or more harddisk drives, solid state drives, random access memories, or similarnon-transitory computer memories. In some aspects, memory 206 may beimplemented using a distributed file system, such as Hadoop DistributedFile System, GlusterFS, Parallel Virtual File System, Google Filesystem, Moose File System, or another distributed file system enablingdistributed storage, modification, and retrieval of data across acluster, arrangement, or collection of computing devices.

In some embodiments, memory 206 may be configured to store fraud data206A and account data 206B. In some aspects, fraud data 206A and accountdata 206B may each comprise one or more electronic transactions. Invarious aspects electronic transactions may comprise electronictransaction components. Electronic transaction components may include atleast one of a merchant identifier, a customer identifier, date (e.g.,day-of-week, day-of-month, and/or day-of-year), a time, an electronictransaction amount, an electronic transaction location, and any otherelectronic transaction feature recognized by one of skill in the art.Electronic transaction components may be discrete-valued (e.g., merchantidentifier, date), or continuous-valued (e.g., amount, time).

In some embodiments, fraud data 206A may be previously received andstored or fraud data 206A may be received through inputs and outputs 204when localized account freeze device 118 or another device determinesthat fraudulent activity has occurred.

In some embodiments, fraud data 206A may comprise data from thefraudulent activity that initially caused the localized account freezeas well as fraud data associated with prior fraudulent transactions onthe user account associated with user 102 as well as prior fraudulenttransactions associated with other user accounts.

In some embodiments, account data 206B may be previously received andstored or account data 206B may be received through inputs and outputs204 when localized account freeze device 118 or another devicedetermines that fraudulent activity has occurred.

In some embodiments, account data 206B may comprise data associated withprior nonfraudulent transactions on the user account associated withuser 102 as well as prior nonfraudulent transactions associated withother similar user accounts.

FIGS. 3A and 3B depict geographical models of a localized account freezeimplemented upon detecting a fraudulent transaction. For example, FIG.3A depicts a map of the United States 302 and a black-out zone 300.Black-out zone 300 may comprise a localized area where an account isfrozen or unfrozen, consistent with disclosed embodiments. Likewise,referring also to FIG. 3B, a black-out zone 304 may comprise a countryor locality where an account is frozen or unfrozen.

In some embodiments, black-out zone 300 may comprise an areaencompassing where user data indicates a user frequently makeselectronic transactions. Localized account freeze device 118 maygenerate a user pattern using account data 206B. In some embodiments,the user pattern may correlate with a geographical area such asblack-out zone 300. Therefore, if there has been fraud on a useraccount, localized account freeze device 118 may locally unfreezeelectronic transactions corresponding to black-out zone 300 therebyallowing the user to continue making electronic transactions in theimmediate area while freezing their account for electronic transactionsoutside of black-out zone 300.

In some embodiments, black-out zone 300 may comprise an areaencompassing where fraud data indicates a fraudster makes electronictransactions. Localized account freeze device 118 may generate a patternof fraud based on fraud data 206A. In some embodiments, the pattern offraud may correlate with a geographical area such as black-out zone 300.Therefore, if there has been fraud on a user account, localized accountfreeze device 118 may locally freeze electronic transactionscorresponding to black-out zone 300, thereby allowing the user tocontinue making electronic transactions while freezing their account forelectronic transactions coming from the known fraud area of black-outzone 300.

In some embodiments, as a non-limiting example, black-out zone 300 maybe a neighborhood, municipality, state, or country. For example, a useraccount may be unfrozen in a given square mile radius of an averagegeographical location where the user is known to make electronictransactions. In some embodiments, a user account may be unfrozenaccording to the boundaries of a geographical area consistent with theuser's patterns of electronic transaction for a given amount of time.The black-out zone need not be a circle or even correspond to any commongeometric shape and may differ drastically from one local account freezeto another local account freeze and from user to user.

Referring to FIG. 3B, in some embodiments, black-out zone 304 maycorrespond to a country or locality where user data indicates a userfrequently makes electronic transactions. Localized account freezedevice 118 may generate a user pattern using account data 206B. In someembodiments, the user pattern may correlate with a known geo-politicalzone, locality, or country, such as black-out zone 304. Therefore, ifthere has been fraud on a user account, localized account freeze device118 may locally unfreeze electronic transactions corresponding toblack-out zone 304 thereby allowing the user to continue makingelectronic transactions while freezing the user's account for electronictransactions outside the determined black-out zone 304.

In some embodiments, black-out zone 304 may correspond to a country orlocality where fraud data indicates one or more fraudsters frequentlymake electronic transactions. Localized account freeze device 118 maygenerate a pattern of fraud using fraud data 206A. In some embodiments,this pattern of fraud may correlate with a known geo-political zone,locality, or country, such as black-out zone 304. Therefore, if therehas been fraud on a user account, localized account freeze device 118may locally freeze electronic transactions corresponding to black-outzone 304 thereby allowing the user to continue making electronictransactions while freezing their account for electronic transactionsinside the determined black-out zone 304.

FIG. 4A depicts authorization of electronic transactions based on a userpattern. In some embodiments, localized account freeze device 118 may beconfigured to use user pattern 400 to discriminate between acceptableand unacceptable electronic transactions. For example, localized accountfreeze device 118 may be configured to provide an authorizationindication for electronic transactions within user pattern 400 (e.g.,accepted transaction 410). As an additional example, localized accountfreeze device 118 may be configured to deny authorization for electronictransactions outside of user pattern 400 (e.g., rejected transaction412). For example, localized account freeze device 118 may be configuredto not provide an authorization indication for such electronictransactions that are outside of user pattern 400. As a further example,localized account freeze device 118 may be configured to provide adenial-of-authorization indication for such electronic transactions. Insome aspects, the authorization indication may comprise an affirmationof authorization. In some aspects, the authorization indication maycomprise a denial-of-authorization indication. In some aspects, failureto provide an affirmation of authorization, for example within a periodof time, may comprise a denial-of-authorization indication. In someembodiments, the electronic transaction may proceed based on theauthorization indication, according to systems and methods for settlingelectronic transactions known to one of skill in the art.

As shown in FIG. 4A, user pattern 400 is associated with priortransactions 402, 404, 406, and 408 which may be based on account data206B associated with user device 104 and user 102. More particularly, insome embodiments, user pattern 400 may be generated based on priortransactions 402, 404, 406, and 408 and account data 206B.

In some embodiments, prior transactions 402, 404, 406, and 408 may betransactions associated with a user other than user 102 and a deviceother than user device 104. For example, in situations in which there issparse data for prior user transactions, localized account freeze device118 may use data from similar users to compile prior transactions 402,404, 406, and 408.

FIG. 4B depicts authorization of electronic transactions based on afraud pattern. In some embodiments, localized account freeze device 118may be configured to use fraud pattern 450 to discriminate betweenacceptable and unacceptable electronic transactions. For example,localized account freeze device 118 may be configured to provide anauthorization indication for electronic transactions outside fraudpattern 450 (e.g., accepted transaction 462). As an additional example,localized account freeze device 118 may be configured to denyauthorization for electronic transactions within fraud pattern 450(e.g., rejected transaction 460). For example, localized account freezedevice 118 may be configured to not provide an authorization indicationfor such electronic transactions. As a further example, localizedaccount freeze device 118 may be configured to provide adenial-of-authorization indication for such electronic transactions.

As shown in FIG. 4B, fraud pattern 450 is associated with priorfraudulent transactions 452, 454, 456, and 458 which may be based onfraud data 206A associated with

fraud device 108 and fraudster 106. More particularly, in someembodiments, fraud pattern 450 may be generated based on priorfraudulent transactions 452, 454, 456, and 458 and fraud data 206A.

In some embodiments, prior fraudulent transactions 452, 454, 456, and458 may be transactions associated with a fraudster other than fraudster106 and a device other than fraudster device 108. For example, localizedaccount freeze device 118 may use prior fraudulent transactions on otheruser accounts to compile prior fraudulent transactions 452, 454, 456,and 458.

FIG. 5 depicts a flowchart illustrating a process for localized accountfreeze when detecting a fraudulent transaction. In some aspects,localized account freeze device 118 may be configured to receive frauddata associated with a user account. Localized account freeze device 118may be configured to then determine whether the character of fraud isdigital or physical.

In some aspects, if the character of the fraud is determined to bephysical, localized account freeze device 118 may be configured toanalyze patterns of known fraudulent payments. Localized account freezedevice 118 may be configured to then analyze a digital transactionpattern of the user account associated with the fraudulent activity.

Alternatively, if the character of the fraud is determined to bephysical, localized account freeze device 118 may be configured toanalyze location transaction patterns of known fraudulent payments.Localized account freeze device 118 may be configured to then analyzelocation transaction pattern of a user account associated with thefraudulent activity.

In various aspects, localized account freeze device 118 may beconfigured to determine a geodigital area for a localized accountfreeze. Localized account freeze device 118 may be configured to thenperform the localized account freeze on the determine geodigital area.

In step 502, localized account freeze device 118 receives fraud dataassociated with a user account. For example, localized account freezedevice 118 may receive fraud data from a financial service providersystem such as financial service provider system 116. In someembodiments, localized account freeze device 118 may receive fraud datafrom a device not specifically designated, such as from an authorizationdevice or server. In some embodiments, prior fraud data may be stored inlocalized account freeze device 118 in memory 206 and sent to processor202 for use in future steps.

In step 504, localized account freeze device 118 receives account dataassociated with the user account. For example, localized account freezedevice 118 may receive account data from a financial service providersystem such as financial service provider system 116. In someembodiments, localized account freeze device 118 may receive accountdata from a device not specifically designated, such as from anauthorization device or server. In some embodiments, account data may bestored in localized account freeze device 118 in memory 206 and sent toprocessor 202 for use in future steps.

In step 506, localized account freeze device 118 determines thecharacter of the fraud. For example, localized account freeze device 118may determine that the transaction which was marked as fraudulent wasconducted online, in which case the fraud would be determined to bedigital fraud. In other embodiments, localized account freeze device 118may determine that the transaction which was marked as fraudulent wasconducted in person at a determined location, in which case the fraudwould be determined to be physical fraud. However, these twopossibilities may not be mutually exclusive. For example, thetransaction which was marked as fraudulent could have been conductedonline but associated with an Internet Protocol (IP) address which isassociated with a physical location. In these situations, localizedaccount freeze device 118 may be configured to determine that the fraudis both digital and physical and proceed accordingly.

In step 508, if the character of fraud is determined to be digital,localized account freeze device 118 may analyze patterns of knownfraudulent payments. For example, localized account freeze device 118may analyze the fraud data received in step 502 to determine a fraudpattern. In some embodiments, the fraud pattern may comprise certaintypes of transactions associated with fraud and transactions made oncertain websites associated with fraud.

In some embodiments, a neural network may be used to apply machinelearning principles to analyze the fraud data to determine a fraudpattern. Many different machine learning algorithms may be applied todetermine a pattern associated with a set of data, such as the frauddata. For example, backpropagation, k-nearest neighbor grouping,reinforcement learning, support vector machines, and a variety orcombination of other machine learning algorithms may be used todetermine a pattern from a set of data.

In some embodiments, processor 202 may run one or more machine learningalgorithms to determine a pattern associated with a set of data.

In step 510, if the character of fraud is determined to be digital,localized account freeze device 118 may analyze the digital transactionpattern of the user account. For example, localized account freezedevice 118 may analyze the account data received in step 504 todetermine a digital transaction pattern of the user account. In someembodiments, the digital transaction pattern of the user account maycomprise types of transactions the user has made in the past and pasttransactions made by the user on certain websites.

In some embodiments, such as when prior account data associated with theuser account is sparse, localized account freeze device 118 may also useaccount data associated with other user accounts with similartransaction patterns.

In some embodiments, a neural network may be used to apply machinelearning principles to analyze the account data to determine a userpattern. Any of the various machine learning algorithms mentioned abovemay be applied to determine a pattern associated with data correspondingto account usage by the user.

In step 512, if the character of fraud is determined to be physical,localized account freeze device 118 may analyze location transactionpatterns of known fraudulent payments. For example, localized accountfreeze device 118 may analyze the fraud data received in step 502 todetermine a physical location associated with fraud. In someembodiments, the physical location may be a municipality, state,country, or other geographical area where prior fraudulent transactionshave previously occurred.

In some embodiments, a neural network may be used to apply machinelearning principles to analyze the fraud data to determine a fraudpattern. Any of the various machine learning algorithms mentioned abovemay be applied to determine a pattern associated with data correspondingto physical locations where fraud has occurred.

In step 514, if the character of fraud is determined to be physical,localized account freeze device 118 may analyze location transactionpatterns of the user account. For example, localized account freezedevice 118 may analyze the account data received in step 504 todetermine a physical location associated with nonfraudulent transactionon the user account. In some embodiments, the physical location may be amunicipality, state, country, or other geographical area where priornonfraudulent transactions have frequently occurred.

In some embodiments, a neural network may be used to apply machinelearning principles to analyze the account data to determine a userpattern. Any of the various machine learning algorithms mentioned abovemay be applied to determine a pattern associated with data correspondingto account usage by the user.

In some embodiments, such as when prior account data associated with theuser account is sparse, localized account freeze device 118 may also useaccount data associated with other user accounts with similartransaction patterns.

In step 516, localized account freeze device 118 may determine ageodigital area of a localized account freeze. For example, localizedaccount freeze device 118 may determine that fraud data is associatedonly with certain geographical areas and certain transactions andwebsites. Therefore, the geodigital area would comprise the geographicalarea as well as certain electronic transaction types and transactionsfrom certain websites. In some embodiments, the geodigital area may onlycomprise a geographical area. In other embodiments, the geodigital areamay only comprise a digital area corresponding with certain electronictransactions and websites. In still other embodiments, the geodigitalarea may comprise some combination of a geographical area and a digitalarea.

In step 518, localized account freeze device 118 may perform a localizedaccount freeze. For example, localized account freeze device 118 mayperform an account freeze on the geodigital area determined in step 516.The account freeze would prevent further fraudulent transactionsoccurring in the determined fraudulent geodigital area associated withfraud or would prevent fraudulent transaction occurring outside thedetermined geodigital area associated with nonfraudulent transactions onthe user account.

The disclosed embodiments provide a specific way to locally freeze auser account in a geographical or digital space by using known frauddata and account data. These patterns may be used to authorizeelectronic transactions, reducing the cost of fraudulent electronictransactions. These systems and methods may benefit from improvedperformance over simple, conventional models, and may allow thebeneficial use of immense amounts of currently unused, unlabeled frauddata and account data. These systems and methods may also benefit a userby allowing them to continue their regular use on their account.Therefore, the localized freezing of a user account in a geographic ordigital space represents an innovative, technical improvement toelectronic transaction authorization infrastructure that is not routineor conventional in the field of electronic transaction authorization.

Other embodiments will be apparent to those skilled in the art fromconsideration of the specification and practice of the disclosedembodiments disclosed herein. It is intended that the specification andexamples be considered as exemplary only, with a true scope and spiritof the disclosed embodiments being indicated by the following claims.Furthermore, although aspects of the disclosed embodiments are describedas being associated with data stored in memory and other tangiblecomputer-readable storage mediums, one skilled in the art willappreciate that these aspects can also be stored on and executed frommany types of tangible computer-readable media, such as secondarystorage devices, like hard disks, floppy disks, or CD-ROM, or otherforms of RAM or ROM. Accordingly, the disclosed embodiments are notlimited to the above described examples, but instead is defined by theappended claims in light of their full scope of equivalents.

Moreover, while illustrative embodiments have been described herein, thescope includes any and all embodiments having equivalent elements,modifications, omissions, combinations (e.g., of aspects across variousembodiments), adaptations or alterations based on the presentdisclosure. The elements in the claims are to be interpreted broadlybased on the language employed in the claims and not limited to examplesdescribed in the present specification or during the prosecution of theapplication, which examples are to be construed as non-exclusive.Further, the steps of the disclosed methods can be modified in anymanner, including by reordering steps or inserting or deleting steps. Itis intended, therefore, that the specification and examples beconsidered as example only, with a true scope and spirit being indicatedby the following claims and their full scope of equivalents.

What is claimed is:
 1. A method performed by at least one processor forlocally freezing a user account in a geographic or digital space when afraudulent transaction is detected, the method comprising: receivingfraud data associated with the user account, the fraud data including alocation where a fraud associated with the user account has occurred,wherein the fraud location comprises at least one of a digital locationor a geographical location; receiving account data associated with theuser account, the account data including non-fraudulent accounttransaction information; generating a pattern of fraud based on thefraud data; generating a pattern of use associated with the user accountbased on the account data; determining one or more additional useraccounts associated with the user account: determining a geodigital areafor a localized account freeze based on the pattern of fraud or thepattern of use; and performing a localized account freeze on the useraccount based on the determined geodigital area; and performing alocalized account freeze in geodigital space on the one or moreadditional user accounts based on the determined geodigital area.
 2. Themethod of claim 1, wherein the fraud data also comprises at least onepreviously stored pattern of fraud.
 3. The method of claim 1, whereinthe determined geodigital area for the localized account freezecomprises a geographical area.
 4. The method of claim 1, wherein thedetermined geodigital area for the localized account freeze comprisesone or more websites.
 5. The method of claim 1, wherein the account datacomprises relational data associated with other user accounts.
 6. Themethod of claim 3, wherein determining the geographical area for thelocalized account freeze comprises determining a square mile radiusaround the geographical location of the fraud for the localized accountfreeze.
 7. The method of claim 4, wherein determining the geodigitalarea for the localized account freeze comprises determining one or morewebsites associated with the fraud data.
 8. The method of claim 1,wherein the generating the pattern of fraud includes analyzing the frauddata using a machine learning model to determine the pattern of fraud.9. The method of claim 8, wherein the machine learning model is anunsupervised clustering machine learning model.
 10. The method of claim8, wherein the machine learning model is a supervised classificationmachine learning model.
 11. A system for locally freezing a user accountin a geographic or digital space comprising: at least one processor; andat least one non-transitory computer readable medium containinginstructions that, when executed by the at least one processor, causethe at least one processor to perform operations comprising: receivingfraud data associated with the user account, the fraud data including alocation where a fraud associated with the user account has occurred,wherein the fraud location comprises at least one of a digital locationor a geographical location; receiving account data associated with theuser account, the account data including non-fraudulent accounttransaction information; generating a pattern of fraud based on thefraud data; generating a pattern of use associated with the user accountbased on the account data; determining one or more additional useraccounts associated with the user account; determining a geodigital areafor a localized account freeze based on the pattern of fraud or thepattern of use; and performing a localized account freeze on the useraccount based on the determined geodigital area; and performing alocalized account freeze in geodigital space on the one or moreadditional user accounts based on the determined geodigital area. 12.The system of claim 11, wherein the fraud data also comprises at leastone previously stored pattern of fraud.
 13. The system of claim 11,wherein the determined geodigital area for the localized account freezecomprises a geographical area.
 14. The system of claim 11, whereindetermining the geodigital area for the localized account freezecomprises determining one or more websites associated with the frauddata, and wherein the determined geodigital area for the localizedaccount freeze comprises the determined one or more websites.
 15. Thesystem of claim 11, wherein the account data comprises relational dataassociated with other user accounts.
 16. The system of claim 13, whereindetermining the geographical area for a localized account freezecomprises determining a square mile radius around the geographicallocation of the fraud for the localized account freeze.
 17. The systemof claim 14, wherein generating the pattern of fraud includes analyzingthe fraud data using an unsupervised clustering machine learning modelto determine the pattern of fraud.
 18. An authorization servercomprising: at least one processor; and at least one non-transitorycomputer readable medium containing instructions that, when executed bythe at least one processor, cause the authorization server to performoperations comprising: receiving fraud data associated with a useraccount, the fraud data including a location where a fraud associatedwith the user account has occurred, wherein the fraud location comprisesat least one of a digital location or a geographical location; receivingaccount data associated with the user account, the account dataincluding non-fraudulent account transaction information; generating apattern of fraud based on the fraud data; generating a pattern of useassociated with the user account based on the account data; determiningone or more additional user accounts associated with the user account;determining a geodigital area for a localized account freeze based onthe pattern of fraud or the pattern of use; providing the geodigitalarea for a localized account freeze to a system; and providing alocalized account freeze for the one or more additional user accountsbased on the determined geodigital area.